Google confesses to massive data theft

Google has confessed that its trawl through people's unsecured wireless networks in some cases captured the entire content of e-mails, passwords, bank account details and records of sites visited.

The master of Internet search confessed in a blog post that inspections of the data Google collected that were carried out by agencies investigating possible breaches of privacy had turned up all sorts of things.

"It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords, " wrote Alan Eustace, senior VP, Engineering and Research. He said Google was "mortified by what happened."

Referring to an earlier blog post. Eustace said: "When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded)."

Eustace said: "We want to delete this data as soon as possible," probably to destroy the evidence.

Google chief Eric Schmidt earlier warned that personal data such as bank account details could be among the data collected.

It also initially denied any knowledge of the code despite having stored some 600GB of data it collected in a number of hard disks which have now been destroyed.

It later confessed this was not true: "It’s now clear," wrote Alan Eustace, in May, "that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks."

Google insisted that these snippets of payload data would not be useful or contain any personally-identifiable data.

Schmidt later admitted that such information as bank account details could be amongst the data collected.

The outfit said it was initiating procedures to ensure such invasions won't happen again.